From: Martijn Lievaart <m@rtij.nl>
To: marian stagarescu <marian@ti.com>
Cc: netfilter-devel@lists.netfilter.org
Subject: Re: conntrack and application-triggered port forwarding
Date: Wed, 09 Apr 2003 17:20:10 +0200
Message-ID: <3E943A2A.6070602@rtij.nl>
In-Reply-To: <1049892747.23224.30.camel@gt4rvnd11.telogy.design.ti.com>

marian stagarescu wrote:
>>The recent match should be able to do this.
>>1. Create a rule that matches the control channel and add the packet to
>>a recent-table.
>>2. Match on the udp reverse packets. and on the reversed source/dest in
>>the recent table. If match, accept.
>>
>>Martijn
>>
>>
>
>hi martijn,
>
>thanks for your input. a couple questions on this recent match patch
>usage here:
>
>for 1 above:
>
>iptables -I FORWARD -o (NET_IFACE) -p tcp --dport 100 -m recent --name
>test --set -j ACCEPT
>
>will install src (LAN IP) in recent list
>
>2) Not trying to set the accept for reverse:
>
>iptables -I FORWARD -i (NET_IFACE) -p udp --dport 200 -m recent --name
>test --rcheck
>
>will test against the src ip (NET IP) whereas i need dst ip (LAN IP)
>
>
>
Mind you, you'll need a more recent (no pun intended) release of
iptables than the current release. This functionality is not in iptables
1.2.7a. Look at the homepage for recent
(http://snowman.net/projects/ipt_recent/) for more information on how to
use it, there are examples there. Also see my previous post and the
answer from Stephen Frost (the author of the recent module) (Subject:
Talking about recent (was: Re: [PATCH] 2.4.x new amanda conntrack + NAT
support)).

Finally, this kind of question really belongs on the user-list
(although in this particular instance you were lucky you posted here).
Please post questions about usage of iptables there
(netfilter@lists.netfilter.org).

HTH,
Martijn Lievaart
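
Added example, not part of the thread and not from the ipt_recent author: the two rules from the quoted question, with the recent match told which address to use through its --rsource and --rdest options, so that rule 2 looks up the packet's destination (the LAN IP) instead of its source. It assumes a routed setup without NAT and an iptables build whose recent match has these options; the interface name eth1 and the 60-second window are constructed values, and the script only prints the commands unless IPT=iptables is set.

```shell
#!/bin/sh
# Added example: dry run by default. Set IPT=iptables (as root) to apply.
IPT="${IPT:-echo iptables}"
NET_IFACE="${NET_IFACE:-eth1}"   # constructed placeholder for (NET_IFACE)
LIST="test"                      # list name used in the thread
WINDOW="${WINDOW:-60}"           # assumed lifetime of a trigger, in seconds

trigger_rules() {
    # 1. Control channel, LAN -> NET: store the packet's SOURCE address
    #    (the LAN IP). Every control packet refreshes the timestamp, so
    #    the window is counted from the last control-channel packet.
    $IPT -I FORWARD -o "$NET_IFACE" -p tcp --dport 100 \
        -m recent --name "$LIST" --set --rsource -j ACCEPT

    # 2. Reverse UDP, NET -> LAN: look up the packet's DESTINATION address
    #    (the same LAN IP) and accept only if it was seen within WINDOW.
    #    Without --rdest the lookup uses the source (the NET IP), which is
    #    the mismatch described in the question.
    $IPT -I FORWARD -i "$NET_IFACE" -p udp --dport 200 \
        -m recent --name "$LIST" --rcheck --rdest --seconds "$WINDOW" \
        -j ACCEPT
}

show_list() {
    # Inspect the list after applying the rules; the proc path depends on
    # the kernel (xt_recent on current kernels, ipt_recent on older ones).
    for f in "/proc/net/xt_recent/$LIST" "/proc/net/ipt_recent/$LIST"; do
        [ -r "$f" ] && cat "$f"
    done
    return 0
}

trigger_rules
```

The list holds only the LAN address, so while an entry is fresh any host on the NET side can reach UDP port 200 on that LAN host, not just the control-channel peer.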